search for: 4721dc1

Displaying 2 results from an estimated 2 matches for "4721dc1".

2018 Feb 09
3
[PATCH]Add address overflow check
...end) { fprintf (stderr, "Invalid/corrupted comments\n"); return; } The pointer `c` happened to be greater than `0x80000000` and the sum overflowed, even though `length` is positive. Here's the patch code: *diff --git a/src/speexdec.c b/src/speexdec.c* *index 4721dc1..18786f1 100644* *--- a/src/speexdec.c* *+++ b/src/speexdec.c* @@ -105,7 +105,7 @@ static void print_comments(char *comments, int length) end = c+length; len=readint(c, 0); c+=4; - if (len < 0 || c+len>end) + if (len < 0 || c+len>end || c+len<c) {...
2018 Feb 09
0
[PATCH]Add address overflow check
...quot;); > >       return; > >    } > > > The pointer `c` happened to be greater than `0x80000000` and the sum > overflowed, even though `length` is positive. > > Here's the patch code: > > *diff --git a/src/speexdec.c b/src/speexdec.c* > > *index 4721dc1..18786f1 100644* > > *--- a/src/speexdec.c* > > *+++ b/src/speexdec.c* > > @@ -105,7 +105,7 @@static void print_comments(char *comments, int length) > >     end = c+length; > >     len=readint(c, 0); > >     c+=4; > > -   if (len < 0 || c+len>e...